<?php
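// Access gate: only a request whose session carries a non-empty 'u_name' may continue.
// NOTE(review): this proves that somebody is logged in, not that the account is an
// administrator. Confirm that 'u_name' is only ever set by the admin login flow,
// because the code below creates and deletes user accounts.
session_start();
// isset() first, so an anonymous request does not raise an undefined-index notice
// (which would be printed into the response when display_errors is on).
if(!isset($_SESSION['u_name']) || strlen($_SESSION['u_name'])==0)
{
	?>
	<script>
	window.open("admin-login.php","_self");
	</script>
	<?php 
	// The redirect above runs in the browser only; exit is what actually keeps an
	// unauthenticated request away from the database code further down.
	exit;
}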

//#########INCLUDE FILES########
include_once '../conf/db-config.php';
include_once '../conf/error.php';
include_once '../clsFetchData.php';
include_once '../array_to_xml.php';
include_once 'city-name.php';
//##############################

/*
 * Schema note: the INSERT below writes tbl_users.user_email. The column is added with:
 * ALTER TABLE `xmlcontact`.`tbl_users` ADD COLUMN `user_email` VARCHAR(500) AFTER `is_admin`;
 */

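// Creates a non-admin user (or re-creates the one being edited) together with its
// city assignments, then sends the browser back to the admin pages.
$objFetchData = new clsFetchData();

// ---- Request input ---------------------------------------------------------
// Anything that is missing or is not a plain string is read as ''.
// NOTE(review): $_REQUEST also accepts GET parameters, and no anti-CSRF token is
// checked in this file; confirm this page is reachable by POST only and that a
// token is verified before it changes data.
$userName = (isset($_REQUEST['txtusername']) && is_string($_REQUEST['txtusername'])) ? $_REQUEST['txtusername'] : '';
$userPassword = (isset($_REQUEST['txtTempPass']) && is_string($_REQUEST['txtTempPass'])) ? $_REQUEST['txtTempPass'] : '';
$userEmailId = (isset($_REQUEST['txtEmailId']) && is_string($_REQUEST['txtEmailId'])) ? $_REQUEST['txtEmailId'] : '';
$cityNames = (isset($_POST['selectCityName']) && is_array($_POST['selectCityName'])) ? $_POST['selectCityName'] : array();
$hiddenField = (isset($_REQUEST['hdnUpdate']) && is_string($_REQUEST['hdnUpdate'])) ? $_REQUEST['hdnUpdate'] : '';

// ---- SQL-safe copies -------------------------------------------------------
// The mysql_* API has no bound parameters, so every string that reaches a query
// is escaped here and every id is forced to an integer below.
// NOTE(review): mysql_real_escape_string() uses the default link, presumably the
// one opened by db-config.php, and is only reliable when the connection charset
// was set with mysql_set_charset(). Moving the data layer to mysqli/PDO prepared
// statements is the durable fix.
$userNameSql = mysql_real_escape_string($userName);
$userPasswordSql = mysql_real_escape_string($userPassword);
$userEmailSql = mysql_real_escape_string($userEmailId);

// Id of the user being edited; stays 0 when this is a plain "create" request.
$editedId = 0;
if($hiddenField=="update")
{
	$rawId = (isset($_REQUEST['hdnUserId']) && is_string($_REQUEST['hdnUserId'])) ? $_REQUEST['hdnUserId'] : '';
	// Digits only: the id is concatenated into SQL without quotes.
	if(preg_match('/^[0-9]+\z/', $rawId))
	{
		$editedId = (int) $rawId;
	}
}

// ---- Duplicate check -------------------------------------------------------
// Done BEFORE anything is deleted: the old code removed the edited row first, so
// renaming a user to a name that was already taken lost that user altogether.
// Assumes getAllUsers() returns a flat list of user names — TODO confirm.
$allUsers = $objFetchData->getAllUsers();
$isDuplicate = in_array($userName,$allUsers);
if($isDuplicate && $editedId>0)
{
	// The name found may simply be the edited user's own current name.
	$runOwn = mysql_query("SELECT user_name FROM tbl_users WHERE id=".$editedId);
	$ownRow = $runOwn ? mysql_fetch_array($runOwn) : false;
	if($ownRow && $ownRow['user_name']==$userName)
	{
		$isDuplicate = false;
	}
}

if($isDuplicate)
{
	?>
	<script>
	window.open("assign-user.php?error=duplicateuser","_self");
	</script>
	<?php 
	// Without this exit the admin-homepage redirect at the bottom was emitted as
	// well and replaced the duplicate-user error page.
	exit;
}

// ---- Update = delete the old rows, then insert again -------------------------
if($editedId>0)
{
	mysql_query("DELETE FROM tbl_users WHERE id=".$editedId);
	mysql_query("DELETE FROM tbl_user_city WHERE user_id=".$editedId);
}

// NOTE(review): the password is stored exactly as submitted; no hashing is visible
// in this file. Switching to password_hash()/password_verify() needs a matching
// change in the login code, so it is flagged here rather than changed.
$sqlI = "INSERT INTO tbl_users (user_name, password, is_active, lastlogin, is_admin, user_email) VALUES
('$userNameSql', '$userPasswordSql', 'Y', now(), 'N','$userEmailSql')";
$run = mysql_query($sqlI);

// Look the new row's id up again; it stays 0 when the insert or the lookup failed.
$userId = 0;
if($run)
{
	$sql = "SELECT id FROM tbl_users WHERE user_name='$userNameSql' AND password = '$userPasswordSql'";
	$rundata = mysql_query($sql);
	while ($rundata && ($data = mysql_fetch_array($rundata)))
	{
		$userId = (int) $data['id'];
	}
}

// City rows are written only for a user that really exists; previously a failed
// insert still ran these queries with an undefined $userId.
if($userId>0)
{
	foreach($cityNames as $values)
	{
		if(!is_string($values))
		{
			continue; // nested arrays in the posted list are ignored
		}
		$citySql = mysql_real_escape_string($values);
		mysql_query("INSERT INTO tbl_user_city (user_id,city) VALUES ($userId,'$citySql')");
	}
}


?>
	<script>
	window.open("admin-homepage.php","_self");
	</script>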
